How Secure are Session variables?? How dificult is it for a user/hacker find out what session variables are being used? The root of the question deals with how dificult would it to be to find out what the authentication variable name and spoof it.

Also, are Session variables unique to a server or do they follow to a connection to other servers?